- AI MonthFEATURED
- Tools
Catalyit Tools
Tech Assessment
Getting tech to work for you begins with understanding where you are, where you need to be, and how to bridge that gap.
Catalyit Success Journey™
Technology changes and evolves, just like you. The Catalyit Success Journey gives you the tech roadmap.
Tech Stack Survey
With the right tech, your agency will thrive. Find out what tools. integrations, processes and data agencies are using to maximize profits.
Featured TechSelectors
Know what features you're looking for but not sure which solution is right for you? Narrow down your options with the Catalyit TechSelector™ tool.
Cybersecurity Tools
Catalyit + Trava
Leverage these exclusive tools to better understand your clients' cyber liabilities and strengthen your cyber liability insurance quoting process.
Catalyit + defend-id
Give your agency an edge in this hard market and offer ID Theft Protection to your clients.
Just released: Digital Payments TechSelector
- Guides
Popular Guides
All Guides
Not sure where to start?
- Solution Providers
Solution Providers
Solution Provider Index
View all Solution Providers on the Catalyit platform.
Leave a Review
Submit a review so your peers can learn from your experience with a Solution Provider and make more informed decisions.
Refer a Solution Provider
Want to see a Solution Provider on the Catalyit platform? Let us know!
Partner Spotlight
- AgentSync
- Applied Systems
- Archway Computer
- BlueZone Cyber Solutions
- BrightFire
- CyberFin
- defend-id
- DONNA
- Dyad
- Experience.com
- GAIL by LULA
- HawkSoft
- Informer by Entrinsik
- Insu serve-1
- Levitate
- NowCerts
- PayMyPremiums
- Rhodian Group
- SALT
- Simply Easier Payments
- Trava
- RPost
- Vertafore
- Xanatek
- Solution Provider Index
- Leave a Solution Provider Review
- Refer a Solution Provider
- Become a Catalyit Solution Provider
Want to partner with Catalyit? Become a Catalyit Solution Provider.
- Resources
Featured Resources
TechTips Articles
Stay up-to-date on the latest industry trends and improve your productivity with Catalyit TechTips!
On-Demand Vault
Watch Catalyit Hot Topics, Live Demos, and other webinars on-demand.
Become a Catalyit subscriber!
- Consulting
New Offerings
Vertafore PL Consulting
Our Vertafore Personal Lines Consulting packages include optimized integrations for QQCatalyst, AgencyZoom, and PL Rating.
EZLynx Retention Center Course
Are you an agency using EZLynx but not taking full advantage of its powerful Retention Center? Take our 5-week course.
Not Sure Where to Start?
Catalyit Consulting
From small to large projects, new tech to process improvement with existing tech, productivity to customer experience and profit, we've got your back.
Need one-on-one help?
Frequently Asked Questions
CATALYIT + TRAVA
Your Cyber Insurance Sales Assistant
Common Cybersecurity Questions
What are cyber vulnerability scans?
A cyber vulnerability scan, also known as cyber vulnerability assessment, is a systematic review of a company’s digital infrastructure (the computers, systems and networks). Vulnerability scans identify weaknesses and misconfigurations in this infrastructure and can help a company to fortify defenses against cyber attacks.
What are common cyber security vulnerabilities?
Common vulnerabilities include misconfigurations, unsecured APIs, and unpatched software.
- Misconfigurations: Many applications require manual configuration, a process prone to error. It is important for organizations to automate the configuration process to reduce the risk of human error.
- Unsecured APIs: APIs (application programming interfaces) provide a digital interface for applications to communicate with each other. APIs are one of the few assets with a public IP address. If not adequately secured, they can become an easy target for attackers to breach.
- Unpatched or outdated software: Software vendors periodically release updates to add new features and functionalities or patch known cybersecurity vulnerabilities. Unfortunately, because of the sheer volume of updates from different software providers it can be easy to fall behind on updates and patching, or miss a new release entirely. Unpatched or outdated software often makes for an easy target for cybercriminals.
What are some common cyber threats?
- Social Engineering: Any network is hackable if an employee can be duped into sharing access. Over 75% of targeted cyberattacks start with an email.
- Third-Party Exposure: Vendors, clients, and app integrations with poor security can provide access to an otherwise well-protected network.
- Configuration Mistakes: Even professional security systems more than likely contain at least one error in how the software is installed and set up.
- Poor Cyber Hygiene: “Cyber hygiene” refers to regular habits and practices regarding technology use, like avoiding unprotected WiFi networks and implementing safeguards like a VPN or MFA. Just 34% of Americans change their passwords regularly, and only 45% change their passwords after a data breach.
- Cloud Vulnerability: Online data storage and transfer provide increased opportunities for a potential hack.
Why should a small business have cyber insurance?
Cyber insurance is a critical component of risk management for small businesses in today’s increasingly digital and interconnected world. It provides financial protection, resources, and expertise that can be invaluable in the event of a cyber incident.
Key reasons for cyber insurance include:
- Increasing Cyber Threats: Small businesses are often targets of cyberattacks because they may not have the same level of security infrastructure as larger corporations.
- Financial Protection: The costs associated with a cyberattack can be substantial, which can be financially crippling for a SMB. Costs can include expenses for data recovery, legal fees, public relations efforts to mitigate reputation damage, and fines or settlements if customer data is compromised.
- Data Breach Consequences: Many small businesses handle sensitive customer data. A breach can lead to significant legal and financial consequences.
- Business Continuity: A cyber incident can disrupt business operations, leading to lost revenue and eroding customer trust. Insurance can help cover lost income during downtime and assist with the costs of restoring operations.
What are some tips to sell cyber insurance to SMBs?
Use everyday language: Business owners want to understand the basics: What are the issues? How might this affect me? Why should I take action? Communicate in clear, simple terms. Avoid technical descriptions and unnecessary detail. Use everyday language to explain the risks and potential impacts of cyber crime on customers’ operations and bottom lines. Provide an overview of common cyber attacks, their frequency, and their impact.
Explain the risks with tangible examples: Clients should understand how the variety and prevalence of cyber risks means potentially greater risk for their business. Many small business owners think they’re not at risk because of their size, when in fact threat actors increasingly target small businesses using automated attacks. And many business leaders aren’t aware that nearly half of small business attacks originate with human error. Or that ransomware attacks often involve significant extortion losses. Or that cyber breaches compromising personal identifiable information (PII) can lead to privacy violations and lawsuits.
Explain the value of cyber insurance: Business owners want to make sound financial decisions. Illustrate the typical costs of cyber attacks related to stolen funds, lost business income, extortion, and equipment replacement — as well as the response costs such as technical, legal, and public relations expenses. The cumulative costs of a cyber attack can be devastating for a small business. Show how a cyber policy covers these costs, and helps companies quickly restore operations and protect their reputations.
Explain the coverages and what they mean: Cyber policies offer a broad scope of coverage, from network liability to business interruption. Using basic terms, help your client understand what these various coverages mean. Explain when they might come into effect and offer examples of what they provide. Point out the distinction between first-party and third-party claims, to underscore that cyber insurance can cover customer losses as well as business losses.
Highlight additional services: Most cyber policies offer benefits beyond traditional coverage. For example, risk assessment provides ongoing protection to identify risks and prevent issues from becoming problems. Many carriers provide in-house incident response teams and cyber claim experts so policyholders can recover faster with minimal business impacts.
What steps can a small business take to prevent cyber incidents?
It is essential for small businesses to prioritize cybersecurity measures due to limited resources. The three most critical steps SMBs can take to prevent cyber incidents are:
- Employee Training and Awareness: Regular training sessions on cybersecurity best practices, recognizing phishing attempts, secure handling of sensitive data, and importance of reporting suspicious activities.
- Implementing Strong Access Controls and Use of Multi-Factor Authentication (MFA): Enforce password policies and use MFA for all critical systems and applications, especially those accessible via the internet. Restrict access to sensitive data and systems to only those employees who need it for their work (principle of least privilege).
- Regular Software Updates and Security Patching: Establish a routine for regularly updating all software, including operating systems, applications, and security tools. Enable automatic updates where possible, and prioritize patches for known vulnerabilities, especially in widely used software.
While there are many other important practices, focusing on these three steps can significantly decrease the likelihood and potential impact of a cyber incident.
Common Trava Questions
How do I access Trava?
You must be a Catalyit subscriber and have less than 75 employees. If you have 75 employees or more, please contact Trava directly to gain access to the platform.
I've activated my free Prospecting account. How do I sign up for the Underwriting or Risk Management modules?
You can upgrade and purchase the Underwriting or Risk Management modules from the Catalyit + Trava Onboarding page. You will need to be a Full Access subscriber to access these modules, so an annual subscription will be added to your order based on your state and Big I association membership.
What benefits does Trava offer to insurance agents?
Agents can leverage Trava’s platform to offer tailored cybersecurity advice to their clients. With the Trava tools, agents can help their clients understand their cyber risk profile, enhance their risk management capabilities, and ensure they have appropriate cyber insurance coverage. Agents have the ability to differentiate themselves in a market that often views insurance as a commodity.
What modules are available in the Trava platform?
There are three distinct modules in the Trava platform:
- Prospecting: Get help with prospecting new clients and grow your cyber insurance book by running Cyber Checkup Reports.
- Underwriting: Get under the hood of your clients cyber posture and see where the gaps are. Run the full suite of external vulnerabilities reports and complete security control survey frameworks together with your clients to get a better picture of their cyber insurance readiness.
- Risk Management: Manage your client’s cybersecurity risks with external and internal vulnerability scans, and ongoing monitoring.
What is a Cyber Risk Checkup?
Trava’s Cyber Risk Checkup is a rapid assessment that checks the external security perimeter of a client for key gaps. It includes a port scan, certificate scan, and data breach scan. It is part of the Prospecting module. An agent can run the Cyber Risk Checkup by simply entering the domain name that you’d like to scan. The Cyber Risk Checkup can be used to assess where your client is most vulnerable, explain your clients’ cyber liabilities and demonstrate the need for cyber insurance.
What types of vulnerability scans are available through Trava?
Trava provides a suite of external vulnerability scans that reveal system weaknesses and security issues by looking at a company from “outside-in”. Examples of external scans: Port scan, certificate scan, data breach scan, perimeter scan and web application surface scan.
Trava also offers internal vulnerability scans to identify known vulnerabilities, misconfigurations and check the efficacy of existing security measures. Examples of internal scans: Cloud scan, MFA (Multi Factor Authentication) scan, web application scan, agent (endpoint) scan and Microsoft 365 scan.
What security control frameworks are available through Trava?
Security control frameworks are technical questionnaires to assess whether a client has the security controls in place that are required to obtain cyber insurance.
Examples of control questions include:
- Do you employ Multi-Factor Authentication on important access?
- Do you back up your critical data and periodically test your ability to recover it?
- Do you conduct monthly user awareness training and phishing exercises?
By working through this security control framework, in parallel to running vulnerability scans, an agent can be proactive and help his client to identify gaps in the company’s security posture – and potentially closing these gaps – before sending out a submission to a carrier in order to get the best insurance coverage possible.
Trava Modules & What's Included
Features | Prospecting | Underwriting | Risk Management |
---|---|---|---|
Catalyit Subscription | Basic or Full Access | Full Access | Full Access |
Number of Client Organizations | Unlimited | $500 / 10 Clients | $2,500 / 10 Clients |
API Access
Ability to interface with the platform's external API for integrated and automated workflows
|
|||
Custom Branding | |||
Reporting | |||
Customer Success | |||
Training | |||
Custom Surveys | Add-On | Add-On | Add-On |
Customized Reports (up to 3 per year) | Add-On | Add-On | Add-On |
Critical Controls Survey
Covers top 10 cybersecurity controls companies should have in place to protect their assets from cyber attacks
|
|||
Cyber Risk Checkup
Rapid external scan of public domains to identify rudimentary security issues
|
|||
Port Scan
Scan for publicly exposed network ports on multiple targets
|
|||
Breach Scan
Scan the web for any indications that you have been breached in the past
|
|||
Certificate Scan
Review of certificates used on your websites to validate secure communication
|
|||
DNS Scan
Scan domains and associated sub-domains for security misconfigurations; DNS is essential for emails to work
|
|||
Perimeter Scan
Scan of external IP addresses for your infrastructure
|
|||
Web App Surface Scan
Scan the public surface of any web application
|
|||
IP Attribution
Ability to determine if an IP address belongs to you or a 3rd party provider for the purposes of remediating vulnerabilities
|
|||
Subdomain Enumeration
An enhancement that allows our scans to identify all subdomains associated with the provided website domain
|
|||
Cybersecurity Framework Surveys
e.g. Insurance Readiness, HIPAA, SOC 2
|
|||
Underwriting Applications | |||
Cloud Scan
Analyze public cloud configurations (AWS, Azure, GCP) to identify configuration issues that could lead to security vulnerabilities
|
|||
Web App Scan
Scan web applications for security issues/vulnerabilities, and to test for conditions that indicate security exposures
|
|||
Microsoft 365 Scan
Analyze your Microsoft 365 environment to look for configuration issues that could lead to security vulnerabilities
|
|||
MFA Scan
Identify to what extent, if any, your client has MFA (Multi-Factor Authentication) enabled throughout their organization
|
|||
WordPress Scan
Scan your clients’ WordPress environments to identify vulnerabilities in the core platform, custom code, and plugins
|
|||
Endpoint Agent Scan
Scan remote devices such as laptops to detect security vulnerabilities
|
|||
Internal Vulnerability Scan
Run internal scans of your network to find security vulnerabilities
|